00 ·

Trust & security.

Candidate data is the most sensitive thing on your laptop. Here's exactly how we host it, who can see it, and how to get our DPA on file before you roll us out.

01Architecture

Where your data lives.

Hosting

Cloudflare Workers (application) + Supabase EU (Frankfurt) for database, auth, and file storage.

Encryption

TLS 1.3 in transit. AES-256 at rest. Row-level security on every table.

Tenant isolation

Workspace-scoped RLS policies. Reviewers see only the room they were invited to, via short-lived signed link tokens.

Backups

Daily Postgres backups retained for 7 days (managed by Supabase).

Logging

Operational logs only. We never log resume text or candidate PII into request logs.

02AI

How AI is used (and isn't).

Provider

OpenAI via server-side API. Calls are made from the Cloudflare Worker, not the browser.

Training

OpenAI does not train on data sent through their API. We never opt into training.

Scope

AI sees only what's needed to draft the brief or answer the question (resume text, role brief, hiring manager priorities). It is not given access to other workspaces, clients, or rooms.

Hallucination guard

Every AI draft is passed through a verifier that strips claims not grounded in the source resume or recruiter notes before being shown to a hiring manager.

03Sub-processors

Who else touches the data.

VendorPurposeRegion

SupabaseDatabase, auth, file storageEU (Frankfurt)

Cloudflare WorkersApplication hosting & edge runtimeGlobal edge

OpenAIAI brief drafting, copilot, Q&AUS (no training on our data)

StripePayments & subscription billingUS / EU

Resend / transactional emailReviewer invites, password resetsEU

We notify customers in writing before adding or removing a sub-processor.

04Retention & deletion

When data goes away.

Active workspace

Data is retained for as long as your workspace is active.

Cancellation

On cancellation, candidate records, resumes, briefs, and rooms are deleted within 30 days. Aggregate, non-PII billing records may be retained for tax compliance.

Reviewer links

Room links can be revoked at any time. Closed rooms are read-only and links expire by default after the round closes.

Data export

Workspace owners can request a JSON + PDF export of all briefs and decisions at any time.

05Paperwork

DPA, security summary, NDA.

We have a standard Data Processing Addendum (GDPR Art. 28-aligned) ready to counter-sign, plus a one-page security summary and sub-processor list. Most boutique firms and in-house TA teams need this before procurement signs off — request it below.

security@prunr.co

06Reporting

Found something? Tell us.

Email security@prunr.co with a description and reproduction steps. We acknowledge within one business day and aim to remediate critical issues within 7 days. No bug bounty yet — but we'll credit you in our release notes if you'd like.